<div dir="ltr">Hi,<div>So far, for the sake of the demo, I have configured all the involved containers to have net: "host" so they share the same ip, and configured also a port offset for the keycloak server. This way, localhost maps to bot containers (apiman and keycloak).</div><div>This is not a solution, but at least a workaround for now, and I think a solution should come from Keycloak.</div><div><br></div><div>Also, I noticed that if I have the keycload server running on a docker container on port 8080 and I have it mapped externaly to port 8081 then same problem arises.</div><div><br></div><div>This could be tested with the official keycloak docker images available at <a href="http://jboss.org/docker">http://jboss.org/docker</a> with the following command (<b>if they worked</b>):</div><div><br></div><div> <span style="color:rgb(0,0,0);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:12px;line-height:22.1000003814697px;white-space:pre-wrap;background-color:rgb(240,240,240)">docker </span><span class="" style="font-weight:bold;color:rgb(0,0,0);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:12px;line-height:22.1000003814697px;white-space:pre-wrap">run</span><span style="color:rgb(0,0,0);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:12px;line-height:22.1000003814697px;white-space:pre-wrap;background-color:rgb(240,240,240)"> -it --rm -p </span><span class="" style="color:rgb(0,136,0);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:12px;line-height:22.1000003814697px;white-space:pre-wrap">8081</span><span style="color:rgb(0,0,0);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:12px;line-height:22.1000003814697px;white-space:pre-wrap;background-color:rgb(240,240,240)">:</span><span class="" style="color:rgb(0,136,0);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:12px;line-height:22.1000003814697px;white-space:pre-wrap">8080</span><span style="color:rgb(0,0,0);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:12px;line-height:22.1000003814697px;white-space:pre-wrap;background-color:rgb(240,240,240)"> -p </span><span class="" style="color:rgb(0,136,0);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:12px;line-height:22.1000003814697px;white-space:pre-wrap">9090</span><span style="color:rgb(0,0,0);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:12px;line-height:22.1000003814697px;white-space:pre-wrap;background-color:rgb(240,240,240)">:</span><span class="" style="color:rgb(0,136,0);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:12px;line-height:22.1000003814697px;white-space:pre-wrap">9090</span><span style="color:rgb(0,0,0);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:12px;line-height:22.1000003814697px;white-space:pre-wrap;background-color:rgb(240,240,240)"> jboss/keycloak-examples</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-01-21 12:23 GMT+01:00 Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
----- Original Message -----<br>
> From: "Jorge Morales Pou" <<a href="mailto:jorgemoralespou@gmail.com">jorgemoralespou@gmail.com</a>><br>
> To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Wednesday, 21 January, 2015 10:43:52 AM<br>
> Subject: [keycloak-user] Keycloak server securing wildfly in docker containers<br>
><br>
> Hi,<br>
> I have an scenario for Keycloak that I'm not able to solve in an easy way, so<br>
> any help will be more than appreciated.<br>
><br>
</span>> In apiman ( <a href="http://www.apiman.io" target="_blank">http://www.apiman.io</a> ) we are using Keycloak for securing the<br>
<span class="">> apiman rest endpoints. We are in the process of creating some demos with<br>
> docker and for that one of the demos is having keycloak as a separate server<br>
> to which the wildfly instances holding the apiman rest endpoint will<br>
> redirect for authentication.<br>
> So far, I've configured in this wildfly instances the auth-server-url to be<br>
> the keycloakserver. Internal communication to this server is resolved by<br>
> name, as it is docker links providing the accesibility, but this is an<br>
> "internal ip to docker"<br>
> The problem comes when I try to log into the escured resource, and I get a<br>
> redirection to this "internal" ip, which my browser can not access, so I get<br>
> an error.<br>
><br>
> Is there a way to:<br>
><br>
> a) Use a different URL for browser redirection as for internal redirection?<br>
> b) Use a different redirection strategy?<br>
> c) do it in any other way?<br>
<br>
</span>I'm currently looking into a solution to this, exactly how it'll work I haven't figured out yet. Should have something more concrete in a few weeks. Is this urgent for you or can it wait?<br>
<br>
If you have any suggestions please let me know.<br>
<span class=""><br>
><br>
> Thanks for any help you can provide on this.<br>
><br>
><br>
</span>> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div><br></div>